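<?php
/**
 * Forum action endpoint. Dispatches on $_GET["action"]:
 *   newpost  - insert a row into `posts` for the logged-in user
 *   forummod - set `forums`.hidden for one forum (admins only)
 *   login    - check credentials and set the login cookies
 *   logout   - expire the login cookies
 *
 * $db and $user are not defined in this file; they are expected to come from
 * ../functions.php.
 *
 * Security notes for maintainers:
 * - The legacy mysql_* extension cannot do prepared statements. Values placed
 *   in SQL without quotes are therefore cast to int here, because
 *   mysql_real_escape_string() only protects values inside quoted literals.
 *   Moving to mysqli/PDO prepared statements is the durable fix, but it needs
 *   changes in functions.php.
 * - Cookies are client-controlled. The caller's identity and admin flag are
 *   re-checked against the database on every privileged action rather than
 *   read from the "admin"/"username" cookies alone.
 * - NOTE(review): newpost and forummod carry no anti-CSRF token, and forummod
 *   changes state on a GET request. Fixing that needs changes to the forms and
 *   links that call this script.
 */
include("../functions.php");

if ($db->connect()) {
    mysql_select_db("forum");

    if (isset($_GET["action"])) {
        $action = $_GET["action"];

        // Resolve the caller once for the actions that need an authenticated user.
        // The password cookie holds the value the login branch stored, which is
        // hash('sha256', ...) output: 64 lowercase hex characters. Anything else
        // is rejected before it reaches validLogin().
        // NOTE(review): validLogin() is defined outside this file; this assumes it
        // accepts the same (escaped username, hashed password) pair that the login
        // branch passes to it - confirm.
        $cookieUser = null;
        if (($action == "newpost" || $action == "forummod")
            && isset($_COOKIE["username"], $_COOKIE["password"])
            && is_string($_COOKIE["username"])
            && is_string($_COOKIE["password"])
            && preg_match('/\A[0-9a-f]{64}\z/', $_COOKIE["password"])
        ) {
            $candidate = mysql_real_escape_string($_COOKIE["username"]);
            if ($user->validLogin($candidate, $_COOKIE["password"])) {
                $cookieUser = $candidate;
            }
        }

        if ($action == "newpost") {
            if (isset($_POST["subject"], $_POST["comment"])
                && is_string($_POST["subject"])
                && is_string($_POST["comment"])
            ) {
                // The author row is looked up only for a caller whose cookies
                // validated, so a forged "username" cookie cannot post as someone else.
                $author = false;
                if ($cookieUser !== null) {
                    $authorResult = mysql_query("SELECT * FROM users WHERE username='" . $cookieUser . "'");
                    $author = $authorResult ? mysql_fetch_array($authorResult) : false;
                }

                if (!$author) {
                    header("location: ./?error=access+denied&extra=please+login");
                } else {
                    // Numeric columns are interpolated unquoted below, so force integers.
                    $forumid = isset($_POST["forumid"]) ? (int) $_POST["forumid"] : 0;
                    $userid = (int) $author["id"];
                    $subject = mysql_real_escape_string($_POST["subject"]);
                    $comment = mysql_real_escape_string($_POST["comment"]);

                    // Next id = highest existing id + 1 (1 when the table is empty).
                    // NOTE(review): two concurrent requests can compute the same id;
                    // an AUTO_INCREMENT column would remove the race.
                    $lastResult = mysql_query("SELECT id FROM posts ORDER BY `id` DESC LIMIT 1");
                    $lastRow = $lastResult ? mysql_fetch_array($lastResult) : false;
                    $id = ($lastRow ? (int) $lastRow["id"] : 0) + 1;

                    if (!isset($_GET["parent"])) {
                        // Reply: the thread it belongs to comes from the form.
                        $parentid = isset($_POST["parentid"]) ? (int) $_POST["parentid"] : 0;
                        $isparent = 0;
                    } else {
                        // New thread: the post is its own parent. The original assigned
                        // $parent here, leaving $parentid undefined in the INSERT.
                        $parentid = $id;
                        $isparent = 1;
                    }

                    if ($subject != "") {
                        if ($comment != "") {
                            $sql = mysql_query(
                                "INSERT INTO `posts`(id,isparent,parentid,forumid,userid,subject,comment) VALUES("
                                . $id . "," . $isparent . "," . $parentid . "," . $forumid . "," . $userid
                                . ",'" . $subject . "','" . $comment . "')"
                            );
                            if ($sql) {
                                // NOTE(review): the query string has no parameter name
                                // ("./?=<id>"); kept as in the original - confirm what the
                                // index page expects.
                                header('location: ./?=' . $parentid);
                            } else {
                                // Keep driver error text out of the response; log it instead.
                                error_log(mysql_error());
                                die("Database error");
                            }
                        } else {
                            echo('<div id="loginerror">Comment is empty</div>');
                        }
                    } else {
                        echo('<div id="loginerror">Subject is empty</div>');
                    }
                }
            }
        } else if ($action == "forummod") {
            if ($cookieUser === null) {
                header("location: ./?error=access+denied&extra=please+login");
            } else if ($db->get("admin", "users", "username", $cookieUser) > 0) {
                // The admin level is read from the database, not from the "admin" cookie.
                $hidden = null;
                if (isset($_GET["type"])) {
                    if ($_GET["type"] == "hide") {
                        $hidden = 1;
                    } else if ($_GET["type"] == "show") {
                        $hidden = 0;
                    }
                }

                if ($hidden === null || !isset($_GET["id"])) {
                    // Previously an unknown or missing type left $hidden undefined and
                    // produced a broken UPDATE statement.
                    header("location: ./?error=invalid+type");
                } else {
                    $forumId = (int) $_GET["id"];
                    $sql = mysql_query("UPDATE `forums` SET hidden=" . $hidden . " WHERE id=" . $forumId);
                    if ($sql) {
                        header("location: ./?id=" . $forumId);
                    } else {
                        error_log(mysql_error());
                        die("Database error");
                    }
                }
            } else {
                header("location: ./?error=access+denied");
            }
        } else if ($action == "login") {
            if (isset($_POST["password"]) && is_string($_POST["password"])) {
                if (isset($_POST["username"]) && is_string($_POST["username"])) {
                    $username = mysql_real_escape_string($_POST["username"]);
                    // NOTE(review): sha256(md5(password)) is an unsalted fast hash, and
                    // the password is escaped before hashing. Both are kept because the
                    // stored values presumably use this derivation; migrating to
                    // password_hash()/password_verify() needs a schema and rehash plan.
                    $password = mysql_real_escape_string($_POST["password"]);
                    $password = hash('sha256', hash('md5', $password));
                    if ($user->validLogin($username, $password)) {
                        $expire = time() + 60 * 60 * 24 * 30;
                        setcookie("username", $username, $expire);
                        // The stored hash works as a long-lived credential, so at least
                        // keep it away from page scripts (HttpOnly). A server-side
                        // session id would be the proper replacement.
                        setcookie("password", $password, $expire, "", "", false, true);
                        // Informational only: this script no longer trusts these two
                        // values for authorization.
                        setcookie("admin", ($db->get("admin", "users", "username", $username)), $expire);
                        setcookie("userid", ($db->get("id", "users", "username", $username)), $expire);
                        header("location: ./");
                    } else {
                        // The debug echo that used to sit here sent output before the
                        // header() call, which can stop the redirect from being sent.
                        header("location: ./?error=invalid+login");
                    }
                } else {
                    header("location: ./?error=no+username");
                }
            } else {
                header("location: ./?error=no+password");
            }
        } else if ($action == "logout") {
            $expire = time() - 3600; // an hour in the past, so the browser drops the cookies
            setcookie("username", "", $expire);
            setcookie("password", "", $expire);
            setcookie("userid", "", $expire);
            setcookie("admin", "", $expire);
        }
    } else {
        // The original header lacked the "location:" field name and was not a redirect.
        header("location: ./?error=no+action");
    }
} else {
    header("location: ./?error=db+connect+error");
}
?>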